Home » Dell Manuals » Hubs & Switches » Dell PowerConnect W-IAP3WN » Manual Viewer

Dell PowerConnect W-IAP3WN Dell Instant 6.1.3.4-3.1.0.0 User Guide - Page 109

Authentication, Authentication Methods in Dell Instant, 802.1X Authentication, Internal RADIUS Server

View all Dell PowerConnect W-IAP3WN manuals

Add to My Manuals
Save this manual to your list of manuals

Page 109 highlights

Chapter 10 Authentication Authentication Methods in Dell Instant Authentication is a process of identifying a user by having them to provide a valid username and password. Clients can also be authenticated based on their MAC addresses. The following authentication methods are supported in Dell Instant:  802.1X Authentication  Captive Portal  MAC Authentication 802.1X Authentication 802.1X is a method for authenticating the identity of a user before providing network access to the user. Remote Authentication Dial In User Service (RADIUS) is a protocol that provides centralized authentication, authorization, and accounting management. For authentication purpose, the wireless client can associate to a network access server (NAS) or RADIUS client such as a wireless IAP. The wireless client can pass data traffic only after successful 802.1X authentication. The steps involved in 802.1X authentication are: 1. The NAS requests authentication credentials from the wireless client. 2. The wireless client sends the authentication credentials to the NAS. 3. The NAS sends these credentials to a RADIUS server. 4. The RADIUS server checks the user identity and begins authentication with the client if the user identity is present in its database. The RADIUS server sends an Access-Accept message to the NAS. If the RADIUS server cannot identify the user, it stops the authentication process and sends an Access-Reject message to the NAS. The NAS forwards this message to the client and the client must re-authenticate with correct credentials. 5. After the client is authenticated, the RADIUS server forwards the encryption key to the NAS. The encryption key is used to encrypt or decrypt traffic sent to and from the client. NOTE: A NAS acts as a gateway to guard access to a protected resource. A client connecting to the wireless network first connects to the NAS. The Dell Instant network supports internal RADIUS server and external RADIUS server for 802.1x authentication. Internal RADIUS Server Each IAP has an instance of FreeRADIUS server operating locally. When you enable the Internal RADIUS server option for the network, the authenticator on the IAP sends a RADIUS packet to the local IP address. The Internal RADIUS server listens and replies to the RADIUS packet. The following authentication methods are supported in Dell Instant network:  EAP-TLS- The Extensible Authentication Protocol- Transport Layer Security method supports the termination of EAP-TLS security using the internal RADIUS server. The EAP-TLS requires both server and certification authority (CA) certificates installed onto the IAP.The client certificate is verified on the Virtual Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0 | User Guide Authentication | 109

Section	Page
Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0	1
Contents	3
About this Guide	11
Dell PowerConnect W-Instant Access Point Overview	11
Supported Devices	11
Objective	11
Intended Audience	11
Conventions	12
Contacting Support	12
Initial Configuration	13
Initial Setup	13
Pre-Installation Checklist	13
Connecting the IAP to a Power Source	14
Assigning an IP Address to the IAP	14
Connecting to a Provisioning Wi-Fi Network	14
Disabling the Provisioning Wi-Fi Network	15
Login into Instant User Interface	16
Specifying the Country Code	16
IAP Cluster	17
Instant User Interface	19
Understanding the Instant UI Layout	19
Banner	20
Search	20
Tabs	20
Networks Tab	20
Access Points Tab	21
Clients Tab	21
Links	22
New Version Available	22
Settings	23
RF	25
PEF	26
WIP	27
VPN	27
Wired	28
Maintenance	28
Support	30
Help	33
Logout	33
Monitoring	33
Spectrum	36
Alerts	38
IDS	40
Configuration	41
Language	41
Dell PowerConnect W-AirWave Setup	41
Pause/Resume	42
Views	42
Wireless Network	43
Network Types	43
Employee Network	43
Adding an Employee Network	44
Voice Network	51
Adding a Voice Network	52
Guest Network	58
Adding a Guest Network	59
Editing a Network	65
Deleting a Network	65
Number of WLAN SSIDs supported	65
Enabling the Extended SSID option	66
Mesh Network	67
Mesh Instant Access Points	67
Mesh Portals	67
Mesh Points	68
Instant Mesh Setup	68
Managing IAPs	71
Preferred Band	71
Auto Join Mode	71
Disabling Auto Join Mode	71
Terminal Access	72
LED Display	73
TFTP Dump Server	74
Extended SSID	75
Deny Inter User Bridging and Deny Local Routing	76
Terminal Access	77
Syslog Server	78
Syslog Facility Levels	78
Adding an IAP to the Network	79
Removing an IAP from the Network	79
Editing IAP Settings	80
Changing IAP Name	80
Changing IP Address of the IAP	80
Configuring Adaptive Radio Management	81
Configuring Uplink Management VLAN	82
Configuring Wired Bridging on Ethernet 0	82
Migrating to a Mobility Controller Managed Network	83
Converting an IAP to RAP Mode	83
Converting an IAP to CAP	86
Converting an IAP to Standalone Mode	86
Converting back to an IAP	87
Rebooting the IAP	87
Firmware Image Server in Cloud Network	89
Upgrade using Dell PowerConnect W-AirWave and Image Server	89
Image management using Cloud Server	89
Image management using Dell PowerConnect W-AirWave	89
Automatic Firmware Image Check and Upgrade	89
Upgrading to New Version	90
Manual	90
Automatic	92
Layer-3 Mobility	93
Overview	93
Configuring a mobility domain	94
Home Agent Load Balancing	96
Spectrum Monitor	97
Creating Spectrum Monitors and Hybrid APs	97
Converting IAPs into Hybrid IAPs	97
Converting an IAP to a Spectrum Monitor	98
Spectrum Data	100
Overview - Device List	100
Non-WiFi Interferers	101
Channel Metrics	102
Channel Details	103
Spectrum Alerts	103
NTP Server	105
Configuring an NTP Server	105
Virtual Controller	107
Master Election Protocol	107
Virtual Controller IP Address	107
Specifying Name and IP Address for the Virtual Controller	107
Configuring the DHCP Server	108
Authentication	109
Authentication Methods in Dell Instant	109
802.1X Authentication	109
Internal RADIUS Server	109
External RADIUS Server	110
Authentication Terminated on IAP	110
Configuring an External RADIUS Server	110
Enabling Instant RADIUS	112
RADIUS Server Authentication with VSA	113
List of supported VSA	113
Management Authentication Settings	116
Captive Portal	116
Internal Captive Portal	117
Configuring Internal Captive Portal Authentication when Adding a Guest Network	117
Configuring Internal Captive Portal Authentication when Editing a Guest Network	118
Configuring Internal Captive Portal with External Radius Server Authentication when Adding a Guest Network	119
Customizing a Splash Page	120
Disabling Captive Portal Authentication	121
External Captive Portal	122
Configuring External Captive Portal Authentication when Adding a Guest Network	122
Configuring External Captive Portal Authentication when Editing a Guest Network	124
External Captive Portal Authentication using Dell PowerConnect W-ClearPass GuestConnect	126
Creating a Web Login page in the Dell PowerConnect W-ClearPass GuestConnect	126
Configuring the RADIUS Server in Instant	126
MAC Authentication	127
Configuring MAC Authentication	127
Walled Garden Access	128
Creating a Walled Garden Access	128
Wired Authentication on an IAP	129
Certificates	129
Loading Certificates using Instant WebUI	130
Loading Certificates using Dell PowrConnect W-AirWave	131
Encryption	135
Encryption Types Supported in Dell Instant	135
WEP	135
TKIP	135
AES	135
Encryption Recommendations	135
Understanding WPA and WPA2	136
Recommended Authentication and Encryption Combinations	136
Role Derivation	137
User Roles	137
Creating a New User Role	137
Creating Role Assignment Rules	138
DHCP Option and DHCP Fingerprinting	139
802.1X-Authentication-Type	140
User VLAN Derivation	141
User VLAN Derivation	141
Vendor Specific Attributes (VSA)	141
VLAN Derivation Rule	142
Configuring VLAN Derivation Rules on an IAP	142
User Role	143
Configuring a User Role	143
SSID Profile	145
Configuring VLAN Derivation Rules Using SSID Profile	145
Instant Firewall	147
Service Options	148
Destination Options	149
Examples for Access Rules	150
Allow TCP Service to a Particular Network	150
Allow POP3 Service to a Particular Server	151
Deny FTP Service except to a Particular Server	152
Deny bootp Service except to a Particular Network	153
Content Filtering	155
Enabling Content Filtering	155
Enterprise Domains	156
OS Fingerprinting	157
Adaptive Radio Management	159
ARM Features	159
Channel or Power Assignment	159
Voice Aware Scanning	159
Load Aware Scanning	159
Band Steering Mode	159
Airtime Fairness Mode	160
Airtime Fairness Modes	160
Access Point Control	160
Customize Valid Channels	160
Min Transmit Power	161
Max Transmit Power	161
Client Aware	161
Scanning	161
Wide Channel Bands	161
Monitoring the Network with ARM	161
ARM Metrics	161
Configuring Administrator Assigned Radio Settings for IAP	162
Configuring Radio Profiles in Instant	163
Intrusion Detection System	165
Rogue AP Detection and Classification	165
Wireless Intrusion Protection (WIP)	165
Containment Methods	169
SNMP	171
SNMP Parameters for IAP	171
SNMP Traps	173
Hierarchical Deployment	175
Deployment	175
Ethernet Downlink	177
Ethernet Downlink Overview	177
Ethernet Downlink Profile Parameters	177
Assigning a Profile to the Ethernet Port	180
Uplink Configuration	181
Uplink Configuration Overview	181
Ethernet Uplink	181
3G/4G Uplink	182
Types of Modems	182
Uplink Switchover	186
Uplink Switching based on VPN Status	186
Uplink Preemption	186
Uplink Preference	186
PPPoE	187
Configuring PPPoE	187
Dell PowerConnect W-AirWave Integration and Management	189
Dell PowerConnect W-AirWave Features	189
Image Management	189
IAP and Client Monitoring	189
Template-based Configuration	190
Trending Reports	190
Intrusion Detection System	190
Wireless Intrusion Detection System (WIDS) Event Reporting to Dell PowerConnect W-AirWave	190
RF Visualization Support for Dell Instant	191
Configuring Dell PowerConnect W-AirWave	191
Creating your Organization String	191
About Shared Key	192
Entering the Organization String and AMP Information into the IAP	192
Dell PowerConnect W-AirWave Discovery through DHCP Option	192
Standard DHCP option 60 and 43 on Windows Server 2008	192
Alternate method for defining Vendor Specific DHCP options	195
Monitoring	199
Virtual Controller View	199
Monitoring Link	200
Info	200
RF Dashboard	200
Usage Trends	200
Client Alerts Link	202
IDS Link	202
Network View	202
Info	203
Usage Trends	203
Instant Access Point View	204
Info	205
RF Dashboard	205
Overview	205
Client View	212
Info	213
RF Dashboard	213
RF Trends	213
Mobility Trail	216
Alert Types and Management	217
Alert Types	217
Policy Enforcement Firewall	219
Authentication Servers	219
Users for Internal Server	220
Roles	220
Extended Voice and Video Functionalities	221
QoS for Microsoft Office OCS and Apple Facetime	221
Client Blacklisting	223
Types of Client Blacklisting	224
Manual Blacklisting	224
Adding a Client to the Manual Blacklist	224
Dynamic Blacklisting	225
Authentication Failure Blacklisting	225
Session Firewall Based Blacklisting	225
PEF Settings	225
Firewall ALG Configuration	225
Firewall-based Logging	226
VPN Configuration	227
VPN Configuration	227
Routing Profile Configuration	228
DHCP Server Configuration	229
NAT DHCP Configuration	229
Distributed L2 DHCP Configuration	230
Distributed L3 DHCP Configuration	231
Centralized L2 DHCP Configuration	232
User Database	235
Adding a User	235
Editing User Settings	236
Deleting a User	236
Regulatory Domain	237
Country Codes List	238
Controller Configuration for VPN	241
Whitelist DB Configuration if the Controller is acting as the Whitelist Entry	241
VPN Local Pool Configuration	242
IAP VPN Profile Configuration	242
Abbreviations	245

Match case Limit results 1 per page

Dell PowerConnect W-Series Instant Access Point 6.1.3.4-3.1.0.0

User Guide

Authentication

109

Chapter 10

Authentication

Authentication Methods in Dell Instant

Authentication is a process of identifying a user by having them to provide a valid username and password.

Clients can also be authenticated based on their MAC addresses. The following authentication methods are

supported in Dell Instant:



802.1X Authentication



Captive Portal



MAC Authentication

802.1X Authentication

802.1X is a method for authenticating the identity of a user before providing network access to the user. Remote

Authentication Dial In User Service (RADIUS) is a protocol that provides centralized authentication,

authorization, and accounting management. For authentication purpose, the wireless client can associate to a

network access server (NAS) or RADIUS client such as a wireless IAP. The wireless client can pass data traffic only

after successful 802.1X authentication. The steps involved in 802.1X authentication are:

The NAS requests authentication credentials from the wireless client.

The wireless client sends the authentication credentials to the NAS.

The NAS sends these credentials to a RADIUS server.

The RADIUS server checks the user identity and begins authentication with the client if the user identity is

present in its database. The RADIUS server sends an Access-Accept message to the NAS.

If the RADIUS server cannot identify the user, it stops the authentication process and sends an Access-Reject

message to the NAS. The NAS forwards this message to the client and the client must re-authenticate with

correct credentials.

After the client is authenticated, the RADIUS server forwards the encryption key to the NAS. The encryption

key is used to encrypt or decrypt traffic sent to and from the client.

The Dell Instant network supports internal RADIUS server and external RADIUS server for 802.1x

authentication.

Internal RADIUS Server

Each IAP has an instance of FreeRADIUS server operating locally. When you enable the Internal RADIUS server

option for the network, the authenticator on the IAP sends a RADIUS packet to the local IP address. The Internal

RADIUS server listens and replies to the RADIUS packet. The following authentication methods are supported in

Dell Instant network:



EAP-TLS— The Extensible Authentication Protocol- Transport Layer Security method supports the

termination of EAP-TLS security using the internal RADIUS server. The EAP-TLS requires both server and

certification authority (CA) certificates installed onto the IAP.The client certificate is verified on the Virtual

NOTE:

A NAS acts as a gateway to guard access to a protected resource. A client connecting to the wireless network first

connects to the NAS.